@mat54
The definition of personal information in this law, is wider than you
assume most likely. It also includes IP addresses, nicknames, login
ids, real names, fingerprints of your browser, etc etc. basically
anything that can potentially lead back to the user.
The collection of the data in itself is not the problem though. The
purpose with which you do so, having permission (by law, process or
user consent), and what you do with the data when you no longer need
it are the key technical aspects. Added to this, is your ability to
tell the user what information you have collected about him, and
potentially remove or anonymise that data when requested, are what
determine your liability here. And like so often with law aspects, the
answer than quickly becomes 'it depends'.
For instance, if you can easily remove stuff from the database
yourself, because you have the skill and your user base is small
enough that this procedure is manageable, then you don't need the
software to be able to do that for you. You are still compliant.
If you leak all the email addresses and real names of all your users
(former and current) of a forum for coaching people with mental
illness, then you have a problem (you leaked identifiable (medical)
information of users who are no longer part of the coaching program),
especially if those people had actively requested you to delete the
information you have on them.
DJ
On Wed, Feb 21, 2018 at 5:23 PM, <mat54(a)ziggo.nl> wrote:
LS,
First of all I have no legal background so the solution must be simple and clear (KIS)
On my wiki there are only invited users and from them I have not for example a birthday ,
address or other personal information.
So in my simple mind I don’t have privacy content.
But the question remains must I still comply to the new ruling??
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l